[gmig]

I feel that the word "backdoor" is incorrectly used here. ZTE confirmed a vulnerability discovered in the phone, not something they placed in the phone intentionally (backdoor).

[bri3d]

In my mind, "backdoor" is a subset of vulnerability where an intentional permission escalation mechanism can be used in nefarious ways - hence making this a backdoor first and a vulnerability second.

I suspect the code was placed on the phone very intentionally for use by a non-nefarious update or sync agent, especially due to the name of the binary. Hence, a backdoor - just not the "OMG Chinese government watching us" tinfoil hat backdoor it's been made out to be.

[cleverjake]

How is a hardwired password to allow remote access a vulnerability rather than a backdoor?

[ajross]

Last analysis I saw, the access was not remote. It was a local root escalation; you need to have code running on the device before you can use it.